#vinoth-kumar_api

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1281233158628704267

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• vinoth-kumar_api, 20 hours ago, 14 messages

Hi, let me help you with this.

Hi @runic spruce

What are you trying to achieve, on the high level?

We are SASS product business, where people will sell their product through Stripe, bascially they will add the API key in their settings, we will create the respective webhook event using the API key, our code works good in testing API, when tried live, one of our customer got this error while creating a Webhook key through API

Though we have created a testing connected account and tried, but we are not getting any issue in our normal process.

The error message implies you're using Stripe Connect, but you're mentioning sharing their API keys with you, which is a completely different approach. How are you controlling other Stripe Accounts exactly?

We are not controlling any of our customer Stripe account, they actually add their API key and we will start the webhook creation process and payment events.

Ok, could you please share the error Request ID req_xxx? https://support.stripe.com/questions/finding-the-id-for-an-api-request

👋 stepping in

Hi @craggy tendon

This is not possible with our public API -- we restrict creating endpoints on Connected Accounts as a security limitation. However, if you reach out to our Support team via https://support.stripe.com/contact/login about this they may be able to help you out in terms of enabling an ability like this for your account. Since this is a public server we can't help further with that here.

Ok @craggy tendon just to confirm, If I do the same process for the testing account, will it work?

It should also error afaik

You are seeing it working on a test account when you create an endpoint using your platform + Stripe account header?

But I can able to create a webhook for the connected accounts with their API key

Sure

That is just the Connected Account creating their own Webhook endpoint

That is the recommended path here

They control their own account and create their own Webhook endpoint

Let's pause for a second.

You as the platform should be using a Connect Endpoint here

Why do you care about creating an endpoint on the Connected Account?

Sorry! Just to update from the previous message

We are SASS product business, where people will sell their product through Stripe, basically they will add the API key in their settings, we will create the respective webhook events using their API key, our code works good in testing API, when tried live, one of our customer got this error while creating a Webhook event through thier API Key

We are not sure what type of account they are using

Okay well in the case of the error that is not them creating their endpoint using their API key -- that is your platform using your platform key + the Stripe Account Header (see: https://stripe.com/docs/connect/authentication) to try to create the endpoint for the Connected Account, which is prohibited and why you see an error.

No, we are using their API key to create the webhook endpoints through API

Nope not for the request that you shared above

Is that request is coming from our platform key?

Yes

Actually our header is look like below, the secret_key is their API secret key. We don't store our secrete key anywhere in the site. Can you please check.
$headers = array( 'Authorization' => 'Bearer ' . $secret_key, 'Content-Type' => 'application/json', );

I mean that's all good and well, but I'm telling you for the request that errored it did use your platform key and did pass the Connected Account header.

I can't tell you why/how that happened in terms of your code.

But that is what happened.

Ok, so instead of our platform API secret key, if we pass their secret key it will work?

Yes

Which is why you can't reproduce the error when you do that, right?

Sorry! Just to confirm, how do you know that the key we have passed is our platform key not the respective account. It will be easy for me to debug.

You can look at your Dashboard at the request (https://dashboard.stripe.com/logs/req_a8os92zhfmfdwO) and you can see that it has Application set which indicates it was your platform that made the request.

Feel free to contrast that with requests that you make on your own account (like would happen if you used the Connected Accounts API key to make a request for them) and you won't see that Application appear

Yes, we made the request from our platform through the Customer API Key to create a webhook events.

If the above is incorrect, can you please guide me how to create a new webhook events for any account (connected or main)

I'm not really sure what you mean. When you create a Webhook endpoint you only do so on your own account. You never pass the Stripe Account header as it is prohibited to do so. If you are a platform and want to create an endpoint to listen for Events on your Connected Accounts then you create a connect endpoint, see: https://docs.stripe.com/connect/webhooks

Ok, is there a way to find whether the account is connected or main account through API?

Not really -- you should know what your platform key is and we really don't recommend handling Connected Account keys in general.

What I'd recommend here is going back to the beginning of what I said and talking to our Support team about whether they can enable your platform to create these endpoints for your Connected Accounts

Then you don't have to handle your Connected Accounts' API keys at all

Ok thanks, just to confirm, if my account is main account and adding my API key in my site and the site code is trying to generate the webhook endpoints, will it work?

I'm not sure what you mean by "main account"

Is that the Connected Account?

Hope there are two types of accounts, main account and connected accounts (screenshot shared)

Yeah we don't call anything a "main account"

Ok

There are Platform accounts and Connected Accounts

Sorry, yes, platform accounts and connnected account

So which one are you referring to here

My problem is, how do I create a webhook endpoints if the API key is from Platform accounts or Connected Accounts

Because our customer will share only the API key, we are not sure which account they are belongs to

Your two options are to either:

• Ask our Support team if you can create the Webhook for the Connected Account from your platform. In which case you need to collect/store their account ID to do this (this is the recommended approach). The API request here would involve the Create Webhook endpoint + passing the Stripe Account Header with the Connected Account ID.
• Collect the Connected Account's API key (which it sounds like you are already doing) and use that key to create a Webhook endpoint.